IRS Data Breach Redux

Sections of this topic

    Stolen info allows hackers to penetrate E-file systems

    2015 saw a major IRS hack that compromised the information of over 300,000 taxpayers, and 2016 isn’t starting off much better. This time around, hackers gained access to E-file PIN numbers of over 100,000 accounts.

    To its credit, the IRS did release a statement informing stakeholders what had happened:

    The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov. Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. An E-file pin is used in some instances to electronically file a tax return.

    No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.

    IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners.

    Based on our review, we identified unauthorized attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an E-file PIN.

    The incident, involving an automated bot, occurred last month, and the IRS continues to closely monitor the web application.

    This incident is not connected or related to last week’s outage of IRS tax processing systems.

    As can be expected from the IRS, there’s a glaring lack of compassion in the statement. It does get the facts out, and it’s not exactly surprising that the IRS isn’t able to communicate on a human level, so it works. Of course, if we were one of the affected individuals we’d be wondering where “elsewhere outside the IRS” my information was stolen from…

    ——————————-
    For more resources, see the Free Management Library topic: Crisis Management
    ——————————-

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

    – See more at: https://management.org/blogs/crisis-management/2016/02/09/crisis-risk-many-hack-victims-fail-to-notify-business-partners/